OpenVistA EHR

These instructions are adapted from the Ultimate Server with OpenVistA EHR and are oriented towards that framework. However, the instructions should be applicable (without installing the entire server platform) on all versions of Ubuntu/Kubuntu. Settings listed in italics are meant to be customized for your system. Always use secure unique IDs and passwords.

OpenVistA can also be installed using the Medsphere repositories. (Use karmic, jaunty, or maverick repositories instead of lucid if using one of those versions.)

Install pre-requisites

Although the OpenVistA server can be installed and run on an Ubuntu server without a GUI desktop, I don't recommend it. It is a GUI-based system and it is difficult to troubleshoot it if no GUI desktop is installed. Therefore, make sure you have a ubuntu-desktop (or kubuntu-desktop) installed on your Ubuntu server.

Apache2 is required. It can be installed individually (sudo apt-get install apache2) or as part of a LAMP (Linux, Apache2, MySQL, PHP) installation:

Adjust SSH for remote connections

If the OpenSSH server was not installed on your server at initial installation, it can be installed now.

sudo tasksel install openssh-server

The default SSH port is 22, but this may conflict with other SSH servers on your network. Change the SSH port to a custom port. Also disallow password-based logins, for now, to prevent unauthorized logins. See this tutorial.

sudo gedit /etc/ssh/sshd_config

change the listening port:

Port 22199

and disallow Password-based authentication by changing the line::

#PasswordAuthentication yes

to

PasswordAuthentication no

Make sure the OpenSSH server knows that it must look for the authorized_keys file. Uncomment the line:

#AuthorizedKeysFile %h/.ssh/authorized_keys

so that it resembles:

AuthorizedKeysFile %h/.ssh/authorized_keys

then restart the OpenSSH server:

sudo /etc/init.d/ssh restart

Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.

Make sure that a file named authorized_keys (with write privileges) is in that folder. If not, create such a file (using the touch command to create an empty file) while logged into the server as serveruser (i.e. lucidadmin00):

cd ~/.ssh
touch authorized_keys

Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:

Note: vinagre -- fullscreen vnc://127.0.0.1 will start the VNC connection in fullscreen mode (but should only be used when connecting from other computers).

Install an EHR (Electronic Health Record) system

Although these instructions are for OpenVistA EHR, other VistA EHR derivatives can be installed in a somewhat similar fashion.

The OpenSSH server was set to listen on port 22199. Make sure the router forwards port 22199 to this computer's LAN IP address. The OpenSSH server will be reached by tunneling to myjaunty00.dyndns.org using port 22199.

Note: When running from a menu item shortcut, make sure you set the directory as the workpath. I place the menu items in a separate submenu named EHR. Although the OpenVistA-CIS client uses port 9201 by default, the Astronaut OpenVistA server uses port 9260 by default.

Note: If you wish to connect directly through the network (without using an SSH tunnel), merely replace --server=127.0.0.1 with --server=myjaunty00.dyndns.org and make sure the LAN's router forwards port 9260 to the LAN IP address of the server (and make sure that all firewalls allow port 9260 to be open).

Use your Access Code / Verify Code as the LoginID / Password ( default at installation for Astronaut systems is sys.admin / vista!123 ). This should be changed at the initial connection, e.g. to vista!456.

Connecting through an SSH tunnel

This method is necessary to connect remote clients to the server through a secure, encrypted tunnel. It is worthwhile to test this connection method by setting it up on the server, as well. Make sure your router is forwarding (to your server) the SSH port you selected (in these examples port 22199).

In order to maintain the Astronaut structure, copy the (previously created) SSH authorized_keys file to the .ssh folders for client9260 and text9260 (where serveruser = jauntyadmin00 on this server):

Create Menu shortcuts for the Text9260 Server Admin client (a text-based SSH tunnel). This will be the method used to logon (in text mode) directly to the OpenVistA Server for administrative functions:

When logging on, the ACCESS CODE / VERIFY CODE are the same as at the initial logon (sys.admin and vista!123 (or vista!456 if changed as in the above section)). The exit key for the OpenVistA server functions is ^ .

Note: While the text9260 SSH tunnel is open, it is also possible to simultaneously run the OpenVistA-CIS Client (using the menu shortcut created above which contains the command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201).

To access the OpenVistA Server from a Windows machine, use the Astronaut Clients (and the Windows OpenVistA-CIS clients). See here and here.

Adjust Login Manager IDs

The two IDs text9260 and client9260 are meant to act as interfaces to the GT.M (MUMPS) database and not as login IDs for the GUI desktop. In fact, a user that logs into them can alter their settings accidentally. It is therefore better to exclude these two IDs from the Login Manager. It is also not necessary to have the openvistaEHR login ID enabled (although there is no harm in logging into this account).

The accounts will remain active but will not show up on the Login screen.

VistA Server functions

The VistA server functions are generally configured from a text interface. The VistA server is very flexible and powerful, and therefore can seem complex to customize and daunting for new users.

Accessing the interface is possible in several ways:

While logged on the server (using any login ID) by starting VistA Commander from a command-line interface Terminal:

/opt/openvista/EHR/bin/vista_com.sh

Logging in directly to the server using the provided Linux login (openvistaEHR or worldvistaEHR) and opening a (Konsole) Terminal. This loads the VistA Commander interface automatically. (On Astronaut systems, the default initial password is vista!123.)

Using the Text Client, VistA Config, or VistA Server Admin (text9260) (with or without SSH) if installed on your system as part of a client package.

Using the built-in VistA Server Text Client menu items/shortcuts in the Ubuntu-Med system.

Note: this new /home/lucidadmin00/.ssh/authorized_keys file should also be copied to /home/client9260/.ssh/authorized_keys and /home/text9260/.ssh/authorized_keys as detailed in the subsequent OpenVistA EHR section.

If Windows-based PuTTY SSH users are to be added to the system, then see this tutorial. The SSH keys must be tweaked to be used with OpenSSH, copied to the server, and then concatenated to the authorized_keys file in a similar fashion.

Other resources

Ubuntu-Med FAQ -- a robust server package that includes a pre-configured installation of OpenVistA